Hello:
In message <[email protected]>,
[email protected] writes:
>I'm a SEC noob and I'm trying to monitor the output of a
>script (not mine) that writes in /var/log/messages its
>elapsed running time. I have to notify to Nagios if this
>time override a first limit (warning) or another more
>important one (critical). Now I've found a solution with
>regexp:
>
>type=Single
>ptype=RegExp
>pattern=Ending\sscript.\sIt\slasted\s[\d]*\sseconds
>context=LOWPERF
>continue=TakeNext
>desc=$0
>action=create LOWPERF
>
>type=Single
>ptype=RegExp
>pattern=Ending\sscript.\sIt\slasted\s[\d]*\ssecond
>continue=TakeNext
>desc=$1
>action=add LOWPERF $0
>
>## This rule matches all number from 100 to 699.
>type=Single
>ptype=RegExp
>pattern=Ending\sscript.\sIt\slasted\s[1-6][\d][\d]\sseconds
>desc=$0
>action=report LOWPERF /bin/echo -e
>"script\tperformance\t0\t$0" |
>/usr/nagios/libexec/send_nsca -H 192.168.1.200 -c
>/etc/nagios/send_nsca.cfg
>
>## This rule matches all number from 700 to 899.
>type=Single
>ptype=RegExp
>pattern=Ending\sscript.\sIt\slasted\s[7-8][\d][\d]\sseconds
>desc=$0
>action=report LOWPERF /bin/echo -e
>"script\tperformance\t1\t$0" |
>/usr/nagios/libexec/send_nsca -H 192.168.1.200 -c
>/etc/nagios/send_nsca.cfg;
>
>## This rule matches all number from 900 to infinity.
>type=Single
>ptype=RegExp
>pattern=Ending\sscript.\sIt\slasted\s([9][\d][\d]|[\d][\d][\d]\d+)\sseconds
>desc=$0
>action=report LOWPERF /bin/echo -e
>"script\tperformance\t2\t$0" |
>/usr/nagios/libexec/send_nsca -H 192.168.1.200 -c
>/etc/nagios/send_nsca.cfg;
>
>But it is not very readable and if I would like to lower
>limit I've to modify each regexp logic with many
>possibilities to be wrong.
>I've tried to study Perl syntax to user PerlFunc SEC
>feature, but I don't find a solution: I'd like to get
>someting like...
>pattern=[\d]*; if ( pattern < 700 ) then action...
>and so on.
You should only need three rules. Something like:
## This rule matches all number from 0 to 700
type=Single
ptype=RegExp
pattern=Ending\sscript.\sIt\slasted\s([0-9]+)\sseconds
desc=$0
context = =($1 < 700)
action= shellcmd /bin/echo -e "script\tperformance\t2\t$0" | \
/usr/nagios/libexec/send_nsca -H 192.168.1.200 -c \
/etc/nagios/send_nsca.cfg;
there is no need to use report at all a simple shellcmd should work.
## This rule matches all number from 700 to 899
type=Single
ptype=RegExp
pattern=Ending\sscript.\sIt\slasted\s([0-9]+)\sseconds
desc=$0
context = =($1 >= 700) && =($1 < 900)
action= shellcmd /bin/echo -e "script\tperformance\t2\t$0" | \
/usr/nagios/libexec/send_nsca -H 192.168.1.200 -c \
/etc/nagios/send_nsca.cfg;
## This rule matches all number from 900 to infinity.
type=Single
ptype=RegExp
pattern=Ending\sscript.\sIt\slasted\s([0-9]+)\sseconds
desc=$0
context = =($1 > 900)
action= shellcmd /bin/echo -e "script\tperformance\t2\t$0" | \
/usr/nagios/libexec/send_nsca -H 192.168.1.200 -c \
/etc/nagios/send_nsca.cfg;
Thekey is to look for context expressions in the manual. The =( ... )
syntax allows you to place perl expressions in there and have perl
evaluate them. $1 evaluates to your elapsed time, and you just use the
perl comparison operators >, < , >=, <= to compare to your thresholds.
--
-- rouilj
John Rouillard
===========================================================================
My employers don't acknowledge my existence much less my opinions.
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Simple-evcorr-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
